Meta has sued several Chinese companies doing business as HeyMods, Highlight Mobi, and HeyWhatsApp for developing and allegedly using “unofficial” WhatsApp Android apps to steal over one million WhatsApp accounts starting May 2022.
Meta’s complaint says these malicious apps were available for download from the three companies’ sites and from Google Play Store, APK Pure, APKSFree, iDescargar, and Malavida.
Once installed, the apps (including AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods and Theme Store for Zap) used bundled malware to harvest sensitive info, including account authentication, to hijack their WhatsApp accounts to send spam messages.
“After victims installed the Malicious Applications, they were prompted to enter their WhatsApp user credentials and authenticate their WhatsApp access on the Malicious Applications,” the complaint adds.
“The Defendants programmed the Malicious Applications to communicate the user’s credentials to WhatsApp’s computers and obtain the users’ account keys and authentication information (collectively, ‘access information’).”
AppUpdater for WhatsPlus alone was installed by more than one million Android users, according to its Google Play Store entry.
Gambling spam pushed using compromised WhatsApp accounts (BleepingComputer)
The head of WhatsApp at Meta, Will Cathcart, warned users in July not to download modified versions of WhatsApp and gave as examples HeyMods’ and HeyWhatsApp’s apps.
“Recently our security team discovered hidden malware within apps – offered outside of Google Play – from a developer called “HeyMods” that included “Hey WhatsApp” and others,” Cathcart said.
“These apps promised new features but were just a scam to steal personal information stored on people’s phones. We’ve shared what we found with Google and worked with them to combat the malicious apps.”
Starting in mid-July, Android’s Google Play Protect was updated to detect and disable previously downloaded malicious fake versions of WhatsApp on users’ Android devices after Meta alerted Google of their findings.
“We’re also taking enforcement action against HeyMods to stop future harm, and will further explore legal options to hold HeyMods and others like them accountable,” Cathcart added.
If you see friends or family using a different form of WhatsApp please encourage them to only use WhatsApp from a trusted app store or our official website directly at https://t.co/YAJdT4emYv.
— Will Cathcart (@wcathcart) July 11, 2022
As Meta says, the defendants agreed and were bound by the WhatsApp Terms when they created various WhatsApp accounts. They also agreed and were bound by the Meta Terms, Platform Terms, and Developer Policies after creating Facebook Pages and apps.
However, by taking the actions detailed above, they breached their agreement with WhatsApp and Meta, causing WhatsApp to sustain damages, including the resources used to investigate their fraudulent scheme.